Audit Report

OIG-11-020
Management Letter for Fiscal Year 2010 Audit of the
Bureau of Engraving and Printing’s Financial Statements

November 12, 2010

Office of
Inspector General
Department of the Treasury

DEPARTMENT OF THE TREASURY
WASHINGTON, D.C. 20220

OFFICE OF
INSPECTOR GENERAL

November 12, 2010

MEMORANDUM FOR LARRY R. FELIX, DIRECTOR
               BUREAU OF ENGRAVING AND PRINTING

FROM:     Michael Fitzgerald
          Director, Financial Audits

SUBJECT:  Management Letter for Fiscal Year 2010 Audit of the
          Bureau of Engraving and Printing’s Financial Statements

I am pleased to transmit the attached management letter in connection with the
audit of the Bureau of Engraving and Printing’s (BEP) Fiscal Year 2010 financial
statements. Under a contract monitored by the Office of Inspector General, KPMG
LLP, an independent certified public accounting firm, performed an audit of the
financial statements of BEP as of September 30, 2010, and for the year then
ended. The contract required that the audit be performed in accordance with
generally accepted government auditing standards; applicable provisions of Office
of Management and Budget Bulletin No.
07-04, Audit Requirements for Federal
Financial Statements, as amended; and the GAO/PCIE Financial Audit Manual.

As part of its audit, KPMG LLP issued, and is responsible for, the accompanying
management letter that discusses other matters involving internal control over
financial reporting and its operations that were identified during the audit but were
not required to be included in the audit reports.

In connection with the contract, we reviewed KPMG LLP’s letter and related
documentation and inquired of its representatives. Our review disclosed no
instances where KPMG LLP did not comply, in all material respects, with generally
accepted government auditing standards.

Should you have any questions, please contact me at (202) 927-5789 or a member
of your staff may contact Shiela Michel, Manager, Financial Audits, at
(202) 927-5407.

Attachment

THE DEPARTMENT OF THE TREASURY
BUREAU OF ENGRAVING AND PRINTING

MANAGEMENT LETTER
FOR THE YEAR ENDED SEPTEMBER 30, 2010
NOVEMBER 9, 2010

TABLE OF CONTENTS

MANAGEMENT LETTER

APPENDIX A
   2010-01   Lack of Documentation for a Spare Part Issuance
   2010-02   Ineffective Monitoring of the Security Hotline
   2010-03   Failure to Record a Fixed Asset Disposal
   2010-04   Lack of Acknowledged Receipt of Code of Conduct

STATUS OF PRIOR YEAR’S RECOMMENDATIONS

KPMG LLP
2001 M Street, NW
Washington, DC 20036-3389

November 9, 2010

The Inspector General, Department of the Treasury and
The Director of the Bureau of Engraving and Printing, Department of the Treasury:

We have audited the financial statements of the Bureau of Engraving and Printing (the Bureau),
as of and for the year ended September 30, 2010, and have issued our report thereon dated
November 9, 2010. In planning and performing our audit of the financial statements of the
Bureau, we considered internal control over financial reporting (internal control) as a basis for
designing our auditing procedures for the purpose of expressing our opinion on the financial
statements. We have also examined management’s assertion that the Bureau maintained effective
internal control over financial reporting as of September 30, 2010, and have issued our report
thereon dated November 9, 2010.

During our audit, we noted matters related to internal control and other operational matters that
are presented for your consideration in Appendix A to this report.
These comments and
recommendations, all of which have been discussed with the appropriate members of
management, are intended to improve internal control or result in other operating efficiencies.
Management’s responses to these comments and recommendations are included in Appendix A.
We did not audit the Bureau’s responses and, accordingly, we do not express an opinion on them.

Our audit procedures were designed primarily to enable us to form an opinion on the financial
statements and to form an opinion on management’s assertion and, therefore, may not bring to
light all weaknesses in policies and procedures that may exist. We aim, however, to use our
knowledge of the Bureau’s organization gained during our work to make comments and
suggestions that we hope will be useful to you.

We would be pleased to discuss these comments and recommendations with you at your request.

This report is intended solely for the information and use of the Department of the Treasury’s
Office of Inspector General and management of the Bureau, and is not intended to be and should
not be used by anyone other than these specified parties.

Very truly yours,

KPMG LLP is a Delaware limited liability partnership,
the U.S. member firm of KPMG International Cooperative
(“KPMG International”), a Swiss entity.

Appendix A

2010-01  Lack of Documentation for a Spare Part Issuance

The Bureau of Engraving and Printing (the Bureau) was not able to provide documentation to
support one spare part issuance. Management stated that the supporting transfer/delivery ticket
for the issuance of this spare part was accidentally disposed of. OMB Circular No.
A-123,
Management Accountability and Control, Section II: Establishing Management Controls, states,
“Transactions should be promptly recorded, properly classified, and accounted for in order to
prepare timely accounts and reliable financial and other reports. The documentation for
transactions, management controls, and other significant events must be clear and readily
available for examination.” The amount of the spare part for which supporting documentation
was not retained was $834. Without adequate documentation supporting transactions, expenses
may be overstated and inventory may be understated. In addition, lack of documentation related
to spare parts issuances increases the risk of misstatement due to misappropriation of assets.

We recommend that the Bureau review policies and procedures in place over spare parts
issuances and ensure that they include documentation retention guidelines. The Bureau should
also ensure the policies are being implemented properly and consistently by monitoring their
operation.

Management Response:

Management concurs with the finding and recommendation. Due to the uniqueness of this
inventory item, internal records are maintained to monitor consumption rates and to determine
re-order points, not to document usage, which is done by the meter on the tank. Management
anticipates that the implementation of the Manufacturing Support Suite (MSS) portion of BEN in
October 2011 will reduce the reliance on manual records to support the transactions relating to
this inventory item.

2010-02  Ineffective Monitoring of the Security Hotline

During our test work over the Bureau’s security hotline in FY2010, we called the security hotline
as a test and, after receiving no response for six days, called a second time. An inspector
responded an additional six days after our second call.
Upon meeting with the inspector, we
requested to review the hotline call logs and were informed that no logs were retained from
October 1, 2009 through December 31, 2009. In addition, we noted that our initial call to the
hotline was not recorded on the log for that day; however, our second call was recorded. The
Bureau failed to consistently execute the controls established for the security hotline, which
require daily, regular monitoring. The Bureau also failed to ensure that calls to the hotline were
returned in a prompt and timely manner and that call log documentation was retained.
Management explained that this was due to changes in personnel as well as changes in voice-mail
providers. OMB Circular No. A-123, Management’s Responsibility for Internal Control, states
“The agency head must establish controls that reasonably ensure that …ii. assets are safeguarded
against waste, loss, unauthorized use or misappropriation”. In addition, the COSO Internal
Control Integrated Framework recommends that “alternative communication channels also
should exist for reporting sensitive information such as illegal or improper acts. Findings of
enterprise risk management deficiencies usually should be reported not only to the individual
responsible for the function or activity involved, but also to at least one level of management
above that person.” Without proper hotline monitoring, the agency increases the risk of
undetected fraud or security violations.
In addition, without proper monitoring of the hotline, the
agency may overlook important and relevant security or ethics information, for which corrective
action is needed.

We recommend that the Bureau reinforce procedures regarding proper monitoring of the hotline.
Management should also establish controls to ensure that review of existing procedures is
properly executed.

Management Response:

Management concurs with the finding and recommendation. Management has determined that
the Bureau Security Hotline is no longer needed as the Department of Treasury’s Office of
Inspector General Hotline is available and fulfills the intended purpose of the agency’s hotline.
Management intends to rescind Circular 71-00.62 “Bureau of Engraving and Printing Security
Hotline”, and, as of December 31, 2010, discontinue its use of the hotline.

2010-03  Failure to Record a Fixed Asset Disposal

During our test work over fixed asset disposals in FY2010, the Bureau did not properly monitor
and retire a fixed asset disposal. Specifically, we identified an asset which was physically
disposed of in January 2010, which was not communicated to the Bureau’s Office of Financial
Management (OFM) or removed from the Bureau’s fixed asset subsidiary ledger or general
ledger as of September 30, 2010. The proceeds from the sale of the fixed asset, which amounted
to $9,000, were not deposited on a timely basis. The Bureau failed to consistently execute
controls established within the fixed asset process, which require all disposals be communicated
to and reviewed by OFM immediately after approval. OMB Circular No. A-123, Management’s
Responsibility for Internal Control, states “The agency head must establish controls that
reasonably ensure that …ii.
assets are safeguarded against waste, loss, unauthorized use or
misappropriation.” It also states, "information should be communicated to relevant personnel at
all levels within an organization. The information should be relevant, reliable, and timely." The
disposed asset that was not recorded properly in the Bureau’s general ledger had a net
book value of $35 thousand at the time of disposition. As a result, the Bureau’s assets and
cumulative results were overstated by $26 thousand and cash was not recorded in the amount of
$9 thousand as of September 30, 2010. Without proper fixed asset disposal controls, the agency
increases the risk of overstating assets and cumulative results of operations.

We recommend that the Bureau implement internal controls to monitor and record the disposal of
fixed assets. Management should also require all disposals be communicated to and reviewed by
the appropriate OFM personnel immediately after approval, and establish proper controls to
ensure such notifications are occurring timely.

Management Response:

Management concurs with the finding and recommendation. The implementation of Maximo
7.1, an asset management tool, will assist the stakeholders in the management of assets across the
assets’ entire lifecycle while standardizing the process across facilities. Management anticipates
that real-time reporting of transactions will reduce the likelihood of possible waste, loss, and
unauthorized use or misappropriation of Bureau assets.
Implementation is expected in October
2011; as an interim remedy, management will take steps to disseminate information on the
agency’s policies and procedures related to disposal of Fixed Assets with an emphasis on the
timely coordination with the Office of Financial Management.

2010-04  Lack of Acknowledged Receipt of Code of Conduct

During our test work over the Bureau code of conduct in FY2010, we selected a sample of 50
employees hired in D.C. and Ft. Worth during the fiscal year and requested documentation that
the employee had received and acknowledged the code of conduct. The Bureau was unable to
locate 5 of 39 acknowledgement forms for selected D.C. new hires and was unable to locate 11 of
11 acknowledgment forms for selected Ft. Worth new hires. The Bureau failed to consistently
execute the control established over employee acknowledgment of the code of conduct, which
requires written acknowledgement of the code of conduct be obtained from each new employee.
Management explained that this was due to the division of this responsibility between multiple
employees as well as unclear document retention policies. The COSO Internal Control
Integrated Framework requires ongoing monitoring of the control environment. In evaluating the
environment, COSO recommends management consider “…whether personnel are asked
periodically to state whether they understand and comply with the entity’s code of conduct and
regularly perform critical control activities.
For example, consider whether personnel are required
periodically to acknowledge compliance with the code of conduct.” Without proper distribution
of the code of conduct, the agency increases the risk that an employee will not comply with or
understand the Bureau’s policies.

We recommend that the Bureau develop policies and procedures regarding employee receipt and
acknowledgment of the code of conduct. Management should also establish controls to ensure
that files are properly maintained to include employee acknowledgements of the code of conduct
and any subsequent updates to the previously employee-acknowledged code of conduct.

Management Response:

Management concurs with the finding and recommendation. Currently, a checklist is utilized to
track the completion of documents distributed to new employees during New Employee
Orientation sessions. This checklist includes documentation of the employee’s receipt of the BEP
Employee Handbook, which includes a section on the code of conduct. The Office of Human
Resources (OHR) intends to issue additional procedures to ensure that all required
documentation is completed and accounted for during the New Employee Orientation sessions.

Appendix B

STATUS OF PRIOR YEAR’S RECOMMENDATIONS

Recommendation: Lack of Proper Documentation for Procurement Approvals

We recommend that the Bureau management reinforce the importance of procedures regarding
proper review and approval of purchase orders and invoices. We also recommended that
management ensure that proper controls exist to ensure that review procedures are
consistently executed.

Status: Management was able to provide the requested procurement documentation. The
comment is closed.

Recommendation: Errors in the Calculation of Accrued Interest for Prompt Pay Act

We recommend that the Bureau determine what is causing the system to incorrectly calculate
interest penalty payments. We also recommend the Bureau implement internal controls to
correctly update the system interest rate on a timely basis.

Status: No Prompt Payment Act exceptions were identified in current year testing. This
comment is closed.